Providing Client Certificate Information for TLS Mutual Authentication

In certain versions, Siebel CRM supports client authentication for TLS-based communications (also known as mutual authentication) using the EAI HTTP Transport business service, and for workflows and outbound Web service calls that call the EAI HTTP Transport business service.

Note: For information about the specific versions that support mutual authentication, see 560965.1 (Article ID) on My Oracle Support.

Caution: It is strongly recommended to use Transport Layer Security (TLS) for best security, where possible. Using Secure Sockets Layer (SSL) is not supported for secure environments. See Siebel Security Guide.

If client authentication is enabled, then the Siebel Server presents a client certificate to an external Web server by supplying values for the EAI HTTP Transport parameters HTTPCertSerialNo and HTTPCertAuthority.

If the EAI HTTP Transport business service is invoked directly by Siebel eScript or a workflow, then you can specify the HTTPCertSerialNo and HTTPCertAuthority parameters by setting input properties (business service method arguments).

The following is an example of the code used to call the EAI HTTP Transport business service using Siebel eScript:

var oService = TheApplication().GetService("EAI HTTP Transport");
var oInputs = TheApplication().NewPropertySet();
var oOutputs = TheApplication().NewPropertySet();

// sUrl must already hold the URL of the external Web server
oInputs.SetProperty("HTTPRequestMethod", "GET");
oInputs.SetProperty("HTTPRequestURLTemplate", sUrl);

// Set the Serial Number of the Client Certificate
oInputs.SetProperty("HTTPCertSerialNo", "00d802dc387dd867b9");

// Set the RDN for the CA of the certificate
oInputs.SetProperty("HTTPCertAuthority", "E=cacert@oracle.com,CN=somecertcomputer,OU=ca,O=oracle,L=boston,C=usa");

// Invoke EAI HTTP Transport
oService.InvokeMethod("SendReceive", oInputs, oOutputs);

Note: If the EAI HTTP Transport business service is invoked indirectly by an outbound Web service, then you can specify the HTTPCertSerialNo and HTTPCertAuthority parameters as input arguments for the outbound Web Service Dispatcher. For information about setting parameters for the EAI HTTP Transport business service for outbound Web services, see Integration Platform Technologies: Siebel Enterprise Application Integration.

Note: On UNIX operating systems, SHA-2 encryption is not supported for the EAI HTTP Transport.

For more information about configuring TLS mutual authentication using the EAI HTTP Transport, see Siebel Security Guide.